Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/dfbfc4-cc3f-477c-8d76-a8c576224ba2/1/7bMPEq4rb3YMZjkp-diRNLSvU0g.roa
File:                     7bMPEq4rb3YMZjkp-diRNLSvU0g.roa (raw, json)
Hash identifier:          v+mzn2/SkSpc6PzSLbqd2tHr3vpzxG52oOANIcYQzHU=
Subject key identifier:   ED:B3:0F:12:AE:2B:6F:76:0C:66:39:29:F9:D8:91:34:B4:AF:53:48
Certificate issuer:       /CN=8b91e0a104b5b3ddf1f5d08e7acb2b79e0d566f9
Certificate serial:       018CC726EFCAED11197B41C40A7FC1488BFF
Authority key identifier: 8B:91:E0:A1:04:B5:B3:DD:F1:F5:D0:8E:7A:CB:2B:79:E0:D5:66:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i5HgoQS1s93x9dCOessreeDVZvk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/dfbfc4-cc3f-477c-8d76-a8c576224ba2/1/7bMPEq4rb3YMZjkp-diRNLSvU0g.roa
Signing time:             Mon 01 Jan 2024 22:31:06 +0000
ROA not before:           Mon 01 Jan 2024 22:31:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        45.92.116.0/22 maxlen: 22
                          194.28.46.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/43/dfbfc4-cc3f-477c-8d76-a8c576224ba2/1/i5HgoQS1s93x9dCOessreeDVZvk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/43/dfbfc4-cc3f-477c-8d76-a8c576224ba2/1/i5HgoQS1s93x9dCOessreeDVZvk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i5HgoQS1s93x9dCOessreeDVZvk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:ef:ca:ed:11:19:7b:41:c4:0a:7f:c1:48:8b:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b91e0a104b5b3ddf1f5d08e7acb2b79e0d566f9
        Validity
            Not Before: Jan  1 22:31:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=edb30f12ae2b6f760c663929f9d89134b4af5348
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:0a:99:37:5e:6b:4b:ac:9e:79:d7:4f:e2:45:
                    c5:11:bb:29:3d:a4:09:50:a1:e8:96:ce:37:19:ff:
                    5f:5b:f5:fa:18:e2:18:24:79:8e:e1:45:3b:f0:e6:
                    f8:af:e2:ca:d6:d7:ec:69:2f:2d:37:bf:91:1a:c2:
                    45:dc:dd:61:84:38:29:f4:31:bd:6c:01:0d:32:1d:
                    11:9d:c3:f6:5d:3d:55:87:61:87:fb:76:ef:32:fd:
                    97:70:f5:57:ba:37:60:60:48:53:b0:00:00:e9:32:
                    99:d1:e3:98:54:8b:d4:d7:72:bd:54:0d:68:cd:ac:
                    b7:ea:d8:30:b2:39:de:1c:1a:4a:8d:b9:0d:e2:59:
                    ce:52:15:41:88:02:66:5b:4b:fb:5f:52:24:7b:27:
                    24:7c:15:55:97:bc:86:76:89:6e:1c:67:18:a1:bb:
                    b5:3c:87:0b:a1:63:8d:3c:a5:48:09:15:57:53:01:
                    14:4b:d2:ea:ef:29:b0:25:d6:28:d9:fd:8f:d0:12:
                    55:13:39:e2:4e:0b:78:27:8a:d1:56:2a:9c:bf:b2:
                    f7:90:66:4f:90:6f:04:7c:84:8c:d2:2b:ba:fb:87:
                    36:d1:bf:be:ce:35:24:f7:09:6b:d9:16:3e:65:54:
                    61:b9:7c:c8:0f:40:fa:fc:53:92:67:66:4f:5a:be:
                    d3:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:B3:0F:12:AE:2B:6F:76:0C:66:39:29:F9:D8:91:34:B4:AF:53:48
            X509v3 Authority Key Identifier:
                keyid:8B:91:E0:A1:04:B5:B3:DD:F1:F5:D0:8E:7A:CB:2B:79:E0:D5:66:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i5HgoQS1s93x9dCOessreeDVZvk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/dfbfc4-cc3f-477c-8d76-a8c576224ba2/1/7bMPEq4rb3YMZjkp-diRNLSvU0g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/dfbfc4-cc3f-477c-8d76-a8c576224ba2/1/i5HgoQS1s93x9dCOessreeDVZvk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.92.116.0/22
                  194.28.46.0/23

    Signature Algorithm: sha256WithRSAEncryption
         e7:7d:45:6b:53:eb:92:3b:f9:93:c3:91:69:93:42:ea:60:96:
         42:81:2e:2a:c9:fd:4b:de:2d:b8:c7:b6:bd:22:2d:a2:f9:19:
         88:28:30:36:1d:e7:b9:cb:68:d5:ef:5b:b6:58:90:cb:84:5d:
         cc:d0:4e:94:17:2e:1d:db:3f:67:55:fa:22:d3:98:41:c5:4a:
         de:70:ca:99:22:29:aa:9b:82:48:8f:f7:e6:0f:c9:3e:4e:92:
         76:6b:2a:f8:03:25:ff:d1:15:3e:99:f8:7f:33:9a:8d:5e:a3:
         d5:5c:e4:ed:49:b0:1a:30:e6:6d:9b:72:46:f4:d8:3b:d8:d9:
         37:c4:79:a2:b5:02:e2:bf:45:af:19:bf:b8:7a:86:dc:ac:d7:
         65:0b:0f:53:f4:cb:04:4c:25:57:fa:6d:25:69:c5:fd:63:22:
         99:c3:16:16:dd:62:11:55:79:1a:05:c3:2a:8a:9c:ad:b2:c7:
         11:d5:02:12:5f:6d:74:22:bc:51:4c:54:da:e6:0b:5b:83:b1:
         e3:17:dd:72:43:15:eb:c9:71:2a:ec:c7:51:ca:b4:f9:8b:71:
         c6:ee:e1:96:bf:ee:75:2d:e8:98:27:06:3f:81:6a:40:84:4f:
         37:be:3f:ab:ad:b2:f2:ba:e5:4d:53:f3:c0:46:37:ac:0c:b1:
         69:23:85:b2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHJu/K7REZe0HECn/BSIv/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiOTFlMGExMDRiNWIzZGRmMWY1ZDA4ZTdhY2IyYjc5ZTBk
NTY2ZjkwHhcNMjQwMTAxMjIzMTA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZGIzMGYxMmFlMmI2Zjc2MGM2NjM5MjlmOWQ4OTEzNGI0YWY1MzQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhgqZN15rS6yeeddP4kXFEbspPaQJ
UKHols43Gf9fW/X6GOIYJHmO4UU78Ob4r+LK1tfsaS8tN7+RGsJF3N1hhDgp9DG9
bAENMh0RncP2XT1Vh2GH+3bvMv2XcPVXujdgYEhTsAAA6TKZ0eOYVIvU13K9VA1o
zay36tgwsjneHBpKjbkN4lnOUhVBiAJmW0v7X1IkeyckfBVVl7yGdoluHGcYobu1
PIcLoWONPKVICRVXUwEUS9Lq7ymwJdYo2f2P0BJVEzniTgt4J4rRViqcv7L3kGZP
kG8EfISM0iu6+4c20b++zjUk9wlr2RY+ZVRhuXzID0D6/FOSZ2ZPWr7TxQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFO2zDxKuK292DGY5KfnYkTS0r1NIMB8GA1UdIwQY
MBaAFIuR4KEEtbPd8fXQjnrLK3ng1Wb5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTVIZ29RUzFzOTN4OWRDT2Vzc3JlZURWWnZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My9kZmJmYzQtY2MzZi00NzdjLThkNzYt
YThjNTc2MjI0YmEyLzEvN2JNUEVxNHJiM1lNWmprcC1kaVJOTFN2VTBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My9kZmJmYzQtY2MzZi00NzdjLThkNzYtYThjNTc2MjI0YmEy
LzEvaTVIZ29RUzFzOTN4OWRDT2Vzc3JlZURWWnZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCLVx0AwQB
whwuMA0GCSqGSIb3DQEBCwUAA4IBAQDnfUVrU+uSO/mTw5Fpk0LqYJZCgS4qyf1L
3i24x7a9Ii2i+RmIKDA2Hee5y2jV71u2WJDLhF3M0E6UFy4d2z9nVfoi05hBxUre
cMqZIimqm4JIj/fmD8k+TpJ2ayr4AyX/0RU+mfh/M5qNXqPVXOTtSbAaMOZtm3JG
9Ng72Nk3xHmitQLiv0WvGb+4eobcrNdlCw9T9MsETCVX+m0lacX9YyKZwxYW3WIR
VXkaBcMqipytsscR1QISX210IrxRTFTa5gtbg7HjF91yQxXryXEq7MdRyrT5i3HG
7uGWv+51LeiYJwY/gWpAhE83vj+rrbLyuuVNU/PARjesDLFpI4Wy
-----END CERTIFICATE-----